The invention relates to a transmission system for transmitting data packets from a transmitter to a receiver, said data packets comprising a header and an encrypted data field, said data fields being decryptable by means of a changing decryption key.
The invention further relates to a transmitter for transmitting data packets to a receiver, a receiver for receiving data packets from a transmitter, a method for transmitting data packets from a transmitter to a receiver and a compound signal comprising data packets.
A transmission system according to the preamble is known from the document RFC 1825,xe2x80x9cSecurity Architecture for the Internet Protocolxe2x80x9d, August 1995. In many modem digital transmission systems a transmitter broadcasts data services to a plurality of receivers. In such systems it may be desirable that only a limited number of the users of the receivers, e.g. only those who have paid or who belong to a certain group, have access to the data services. Such conditional access to the data services can be realised by encrypting the data, by transmitting the encrypted data to the receivers, and by supplying only to those receivers who are entitled to the data the decryption keys necessary for the decryption of the data. By means of the decryption keys the receivers can decrypt the data. For security reasons the decryption key has to be changed after a certain period of time or after the transmission of a certain amount of data. The transition to a new decryption key has to be synchronised between transmitter and receiver.
It is unclear how the known transmission system deals with this synchronisation.
An object of the invention is to provide a transmission system, wherein the receiver is able to efficiently handle the decryption of encrypted data packets. This object is achieved in the transmission system according to the invention, which is characterized in that the header comprises information indicating a change of the decryption key. By including this information in the header the receiver can determine exactly when to start using a new decryption key.
An embodiment of the transmission system according to the invention is characterized in that the data packets comprise IP packets. In this way data services defined at the IP level can be broadcasted securely.
A further embodiment of the transmission system according to the invention is characterized in that the header comprises an ESP header, said ESP header comprising the information indicating a change of the decryption key. By including the information indicating a change of the decryption key in the SPI field of the ESP header a maximum commonality with IP encryption mechanisms used in the Internet is reached. The SPI field is the only mandatory field for all different encryption methods, so this field does not change.